fukamachi / lack

Lack, the core of Clack
MIT License

Allow custom error responses with authorization? #85

Closed kilianmh closed 4 months ago

kilianmh commented 6 months ago

It might be interesting for auth middleware to be able to signal specific error responses. We could add here https://github.com/fukamachi/lack/blob/c09ef6677c3d53e0c8b03e2cd413d13461c62f56/src/middleware/auth/basic.lisp#L26-L31 as a third option for the first returned value (result) of the authenticator function to be a lack/response:response struct. If that is the case, the struct would be finalized.

Here is example code that should also maintain backwards compatibility for existing users:

(cond ((eql result t)
       (setf (getf env :remote-user)
         (or returned-user user))
       (funcall app env))
      ((eql result nil)
       (return-401 realm))
      ((typep result 'lack/response:response)
       (lack/response:finalize-response result))
      (t
       (setf (getf env :remote-user)
         (or returned-user user))
       (funcall app env)))

Do you like the idea? @fukamachi Else of course we can stick with the current way of signalling error responses as it is right now.

fukamachi commented 5 months ago

Well, it might be useful in some cases, but I can't say it's worth the exchange of adding a dependency on lack-response. Although it may sound trivial, Lack's philosophy is to provide minimal & composable parts that users want. To achieve that, I want it to have as few dependencies as possible.

As you mentioned, you can use conditions to handle it, or it might be good to add the result to ENV so that it can be accessed in the APP, something like (setf (getf env :lack.auth.basic) result).
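
The condition-based approach mentioned in the reply above, sketched as an added example that is not part of the original thread and is not Lack's own code. All names (`auth-rejected`, `wrap-auth-rejections`, `stand-in-basic-auth`, the `:user`/`:pass` env keys, the credentials) are hypothetical, and the stand-in replaces the real basic-auth middleware so the block loads without Lack.

```lisp
;; Added example: plain Common Lisp, no Lack dependency. All names are hypothetical.

(define-condition auth-rejected (error)
  ((response :initarg :response :reader auth-rejected-response))
  (:documentation "Signalled by an authenticator to request a specific error response."))

(defun wrap-auth-rejections (app)
  "Middleware: turn an AUTH-REJECTED signalled below it into the response it carries."
  (lambda (env)
    (handler-case (funcall app env)
      (auth-rejected (c) (auth-rejected-response c)))))

(defun authenticator (user pass)
  "Same contract as in the issue: returns (values result returned-user)."
  (cond ((string= user "locked")
         ;; Custom error response, without the auth middleware knowing about it.
         (error 'auth-rejected
                :response '(403 (:content-type "text/plain") ("Account locked"))))
        ;; Constructed credentials; real code would verify a password hash.
        ((and (string= user "alice") (string= pass "s3cret"))
         (values t user))
        (t nil)))

(defun stand-in-basic-auth (app)
  "Stand-in for the basic-auth middleware. Reads the constructed :user/:pass keys
instead of parsing an Authorization header."
  (lambda (env)
    (multiple-value-bind (result returned-user)
        (authenticator (getf env :user) (getf env :pass))
      (cond (result
             (setf (getf env :remote-user) (or returned-user (getf env :user)))
             (funcall app env))
            (t '(401 (:content-type "text/plain") ("Unauthorized")))))))

;; The wrapper must be the outermost layer so its handler is active
;; while the authenticator runs.
(defparameter *app*
  (wrap-auth-rejections
   (stand-in-basic-auth
    (lambda (env)
      `(200 (:content-type "text/plain")
            (,(format nil "Hello, ~A" (getf env :remote-user))))))))

;; Try: (funcall *app* '(:user "alice" :pass "s3cret"))
;;      (funcall *app* '(:user "locked" :pass "x"))
;;      (funcall *app* '(:user "bob" :pass "wrong"))
```

A NIL result from the authenticator still takes the middleware's normal 401 path; only the signalled condition produces the custom response.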